Havana, Cuba. — An announcement by Twitter this month caused an increase in downloads of two-factor authentication (2FA) applications in the Google Play store and Apple Store by users of the social network.
According to the post, SMS-based 2FA is not secure, so “non-Twitter Blue subscribers who are already signed up will have 30 days to turn off this method and sign up for another method. After March 20, 2023, we will no longer allow non-Twitter Blue subscribers to use text messages as a 2FA method,” Twitter announced on its official blog.
Elon Musk's company acknowledges that cybercriminals abuse this method for malicious purposes, so two options would be available to protect accounts: authentication through 2FA applications and through hardware (security keys).
The second option, although more secure, is less popular as it requires additional expense and the price of a “decent” security key is currently around $100.
Alarm bells have been raised because some of the 2FA apps available in the Google store compromise user security, according to a notice recently posted by Sophos, a British software and hardware security development company.
“We reviewed several authenticator apps after Twitter stopped the SMS method for 2FA. We saw many scam apps that look almost the same as the real ones. They all trick users into getting an annual subscription for $40 a year. We caught four that have nearly identical binaries. We also detected an app that sends each scanned QR code to the developer’s Google Analytics account,” the specialists stated.
In the investigation, one of the fraudulent applications misleads users by using a company name that looks visually authentic, but changes one character to a similar one in such a way that users don’t notice the difference at first glance. This falsification is known as “typosquatting”.
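A defensive check for the lookalike-name trick described above, as an added example that is not from the article or from Sophos: it compares an app's publisher name against an allowlist and flags names that differ only by a similar-looking character or a single edit. The publisher names and the small lookalike-character map are constructed for illustration.

```python
import unicodedata

# Constructed allowlist; the article names no publisher strings to match on.
TRUSTED = ["Example Auth Labs", "Sample Security Inc"]

# Hand-picked visually similar characters (assumption: not a full confusables table).
LOOKALIKES = str.maketrans({
    "0": "o", "1": "l", "I": "l", "5": "s",
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0456": "i",  # Cyrillic letters
})

def skeleton(name):
    """Fold a name to a form in which lookalike characters compare equal."""
    decomposed = unicodedata.normalize("NFKD", name)
    stripped = "".join(c for c in decomposed if not unicodedata.combining(c))
    return " ".join(stripped.translate(LOOKALIKES).casefold().split())

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(publisher, trusted=TRUSTED):
    """Return (verdict, matched trusted name or None) for a publisher string."""
    if publisher in trusted:
        return ("exact", publisher)
    sk = skeleton(publisher)
    for name in trusted:
        tsk = skeleton(name)
        if sk == tsk:                      # same appearance, different characters
            return ("lookalike", name)
        if edit_distance(sk, tsk) == 1:    # one character added, dropped or changed
            return ("near-miss", name)
    return ("unknown", None)

if __name__ == "__main__":
    # Constructed sample publisher names.
    for sample in ["Example Auth Labs", "Examp1e Auth Labs",
                   "Ex\u0430mple Auth Labs", "Exemple Auth Labs", "Other Co"]:
        print(repr(sample), classify(sample))
```

A "lookalike" or "near-miss" verdict is a reason to verify the publisher before installing; "unknown" only means the name is not on the allowlist.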
If you are using an application of this type that asks you to pay for a subscription or shows ads, it is recommended to uninstall it and install one developed by a recognized company. Widely recommended applications for 2FA include “Google Authenticator” and “Authy”, among others that belong to renowned developers.
iOS devices incorporate a 2FA code generator under Settings/Passwords, although one of the aforementioned applications can also be installed on them.
With 2FA, instead of just entering a password to log in, a code or security key is also required. This additional step ensures that only the user has access to the account.
In the case of Cuba, using 2FA on any service is particularly insecure, since the Cuban Telecommunications Company (ETECSA), controlled by the island’s authorities, does not respect privacy and disposes of users’ SMS messages at will.